
Re: [Asrg] About that e-postage draft [POSTAGE]



mathew <meta at pobox.com> wrote:
> On Thu, Feb 12, 2009 at 15:58, John Levine <johnl at taugh.com> wrote:
> 
>> My standard spam model is that the bad guy buys one stamp and uses
>> that one genuine stamp on a thousand messages (transactions, whatever)
>> at the same time.  It's really easy to verify that a stamp is real
>> using digital signatures, but there's no way to tell if it's already
>> been used other than asking the issuer.
>>
>> It is possible to defend against this threat, but not cheaply, since
>> the defense requires a robust transaction system that can serialize
>> the thousand requests, approve one, and reject the other 999, while
>> still providing service to the rest of their customers.
> 
> Nonsense. You just make the purchased stamp dependent upon the address
> of the recipient, for example by hashing the To: address inside the
> cryptographic stamp when it's minted.

   Minor correction: for the POSTAGE draft, the token may cover multiple
To: addresses; thus it should be tagged with the receiving MTA, not the
To: address.

> You know, like SSL certificates include the hostname so you can't use
> the same one on multiple sites.
> 
> Sure, the spammer can then send 1000 copies of the stamp with 1000 spam
> messages, but 999 of them will be rejected when the stamp is decoded,
> without any network transaction being required.

   This might be worth adding to the POSTAGE draft -- not that it isn't
already possible, just that for this to catch multiple use of the same
token it would need to be mandatory. What do folks think?

--
John Leslie <john at jlc.net>
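
The binding discussed in this thread, as an added example that is not part of the original messages or of the POSTAGE draft: the issuer signs the stamp's serial together with the receiving MTA, so a receiver rejects a stamp minted for another MTA, or one whose MTA field was rewritten, using only the issuer's public key. The `Stamp` layout, the function names, the choice of Ed25519 and the per-MTA `seen` set used to catch re-use at the intended MTA are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

type Stamp struct { // hypothetical layout; the thread shows no token format
	Serial, MTA string // unique stamp id; receiving MTA it was minted for
	Sig         []byte // issuer's Ed25519 signature over both fields
}

var ErrForged = errors.New("bad issuer signature")
var ErrWrongMTA = errors.New("stamp minted for a different MTA")
var ErrReplayed = errors.New("stamp already used at this MTA")

// payload length-prefixes each field so distinct (serial, MTA) pairs never collide.
func payload(serial, mta string) []byte {
	return []byte(fmt.Sprintf("%d:%s%d:%s", len(serial), serial, len(mta), mta))
}

func Mint(priv ed25519.PrivateKey, serial, mta string) Stamp {
	return Stamp{serial, mta, ed25519.Sign(priv, payload(serial, mta))}
}

// Accept is the receiving MTA's check: issuer public key and local state only.
func Accept(pub ed25519.PublicKey, me string, seen map[string]bool, s Stamp) error {
	switch {
	case !ed25519.Verify(pub, payload(s.Serial, s.MTA), s.Sig):
		return ErrForged
	case s.MTA != me:
		return ErrWrongMTA
	case seen[s.Serial]:
		return ErrReplayed
	}
	seen[s.Serial] = true
	return nil
}

func Demo() [4]error {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	a, b := map[string]bool{}, map[string]bool{}
	s := Mint(priv, "stamp-0001", "mx.a.example") // constructed sample values
	t := Stamp{s.Serial, "mx.b.example", s.Sig}   // MTA field rewritten after minting
	return [4]error{Accept(pub, "mx.a.example", a, s), Accept(pub, "mx.b.example", b, s),
		Accept(pub, "mx.b.example", b, t), Accept(pub, "mx.a.example", a, s)}
}

func main() { fmt.Println(Demo()) }
```

`Demo` presents the one stamp to its intended MTA, to a second MTA unchanged, to the second MTA with the MTA field rewritten, and to the first MTA again; only the first presentation is accepted, and none of the four checks contacts the issuer.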